| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025082233-CVE-2025-38635-aa1c@gregkh> Date: Fri, 22 Aug 2025 18:00:44 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38635: clk: davinci: Add NULL check in davinci_lpsc_clk_register() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: clk: davinci: Add NULL check in davinci_lpsc_clk_register() devm_kasprintf() returns NULL when memory allocation fails. Currently, davinci_lpsc_clk_register() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue and ensuring no resources are left allocated. The Linux kernel CVE team has assigned CVE-2025-38635 to this issue. Affected and fixed versions =========================== Issue introduced in 4.17 with commit c6ed4d734bc7f731709dab0ffd69eed499dd5277 and fixed in 6.1.148 with commit 105e8115944a9f93e9412abe7bb07ed96725adf9 Issue introduced in 4.17 with commit c6ed4d734bc7f731709dab0ffd69eed499dd5277 and fixed in 6.6.102 with commit 1d92608a29251278015f57f3572bc950db7519f0 Issue introduced in 4.17 with commit c6ed4d734bc7f731709dab0ffd69eed499dd5277 and fixed in 6.12.42 with commit 7943ed1f05f5cb7372dca2aa227f848747a98791 Issue introduced in 4.17 with commit c6ed4d734bc7f731709dab0ffd69eed499dd5277 and fixed in 6.15.10 with commit 6fb19cdcf040e1dec052a9032acb66cc2ad1d43f Issue introduced in 4.17 with commit c6ed4d734bc7f731709dab0ffd69eed499dd5277 and fixed in 6.16.1 with commit 23f564326deaafacfd7adf6104755b15216d8320 Issue introduced in 4.17 with commit c6ed4d734bc7f731709dab0ffd69eed499dd5277 and fixed in 6.17-rc1 with commit 13de464f445d42738fe18c9a28bab056ba3a290a Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38635 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/clk/davinci/psc.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/105e8115944a9f93e9412abe7bb07ed96725adf9 https://git.kernel.org/stable/c/1d92608a29251278015f57f3572bc950db7519f0 https://git.kernel.org/stable/c/7943ed1f05f5cb7372dca2aa227f848747a98791 https://git.kernel.org/stable/c/6fb19cdcf040e1dec052a9032acb66cc2ad1d43f https://git.kernel.org/stable/c/23f564326deaafacfd7adf6104755b15216d8320 https://git.kernel.org/stable/c/13de464f445d42738fe18c9a28bab056ba3a290a
Powered by blists - more mailing lists